
Exam

This document contains 30 multiple choice questions related to cybersecurity topics such as network devices, firewalls, encryption, vulnerability scanning tools, memory types, malware, Windows logs, clear text protocols, endpoint security, packet captures, antivirus programs, denial of service attacks, network address translation, routing, switching, hashing, TLS, malware types, packet analyzers, open source operating systems, reflection attacks, password files, collisions, social engineering attacks like phishing and pharming, defense in depth, risk reduction, and digital evidence acquisition.

Uploaded by

mexiso3561

QUESTION 1

Which of the following network devices would MOST likely be used to detect but not
stop suspicious behaviour on the network?
Choose one answer.
A. Network Intrusion Detection System
B. Host Intrusion Detection System
C. Firewall.
D. Network Intrusion Prevention System

QUESTION 2

Which of the following is a firewall that keeps track of the state of network
connections traveling across it?
A. Stateful firewall
B. Stateless packet filter firewall
C. Circuit-level proxy firewall
D. Application gateway firewall

QUESTION 3

Fill in the blank with the appropriate term. ______________ encryption is a type of
encryption that uses two keys, i.e., a public key and a private key pair for data
encryption. It is also known as public key encryption.
A. Asymmetric
B. Symmetric
C. Transposition
D. Substitution

QUESTION 4

Which of the following can be performed with software or hardware devices in order
to record everything a person types using his keyboard?
A. Warchalking
B. Keystroke logging
C. War dialing
D. IRC bot

QUESTION 5

Fill in the blank with the appropriate term. ______________ is a free open-source
utility for network exploration and security auditing that is used to discover computers
and services on a computer network, thus creating a "map" of the network.
A. Nessus
B. Open Office
C. Open Map
D. Zenmap or Nmap

QUESTION 6

Which of the following statements are true about volatile memory? Each correct
answer represents a complete solution. Choose all that apply.
A. Read only memory (ROM) is an example of volatile memory.
B. The content is stored permanently, even when the power supply is switched off.
C. A volatile storage device is faster in reading and writing data.
D. It is computer memory that requires power to maintain the stored information.

QUESTION 7

Fill in the blank with the appropriate term. A ______________ is a set of tools that
take administrative control of a computer system without authorization by the
computer owners and/or legitimate managers.
A. Virus
B. Worm
C. Remote Access Trojan (RAT)
D. Antivirus

QUESTION 8

What type of logs could possibly offer evidence that an attacker has been attempting
to perform brute force attacks on a Windows Server?

A. Application logs
B. Setup logs
C. Security logs
D. System logs

QUESTION 9

What is the Windows registry?

A. A list of registered software on the Windows Operating system
B. Memory allocated to running programs
C. A database used to store information necessary to configure the system for
users
D. A list of drivers for applications running on the Windows operating system

QUESTION 10

Which Windows log captures and describes events like an OS shutdown/restart or a
service being (re)started/stopped?
A. Application log
B. System log
C. IIS log
D. Security log

QUESTION 11

Which technologies typically send traffic using clear text? (Choose two.)
A. HTTP
B. SCP
C. TLS
D. Telnet

QUESTION 12

An end user’s host becomes infected with a virus because the end user browsed to a
malicious website. Which endpoint security technology can be used to best prevent
such an incident?
A. Stateless Firewall
B. Hashing Encryption
C. Endpoint Malware protection
E. File integrity checker

QUESTION 13

Which two statements are true about packet captures and packet capturing utilities
such as Wireshark and TCPDump? (Choose two.)
A. Packet captures can record transactions between specific hosts on a network
and be played back later for deep packet analysis.
B. Most packet capturing tools are cumbersome and difficult to configure.
C. Packet captures can provide information about hidden content that may be
inside a packet.
D. Because packet captures are relatively useless unless entire untruncated
packets are captured, maximum packet length is not a configurable option in
packet capture utilities.

QUESTION 14

Which definition of an antivirus program is true?

A. A program used to detect and remove unwanted malicious software from the
system
B. A program that provides real-time analysis of security alerts generated by
network hardware and applications
C. A program that scans a running application for vulnerabilities
D. Rules that allow network traffic to go in and out

QUESTION 15

Which type of attack occurs when an attacker utilizes a botnet to reflect requests off
a server such as an NTP server to overwhelm their target?
A. Man in the middle
B. Denial of service
C. Distributed denial of service
D. Replay attack

QUESTION 16

Which technology allows a private IP address such as 192.168.0.2 to be
represented by a public IP address?

A. NAT
B. NTP
C. RFC 1631
D. Bitcoin

QUESTION 17

Where does routing occur within the TCP/IP model?

A. Application
B. Internet
C. Network
D. Transport

QUESTION 18

At which OSI layer does a Switch typically operate?

A. Transport
B. Network
C. Data link
D. Application

QUESTION 19

Which of the following are characteristics of hashing algorithms, for example, MD5 or
SHA-1?

A. One-way (non-reversible) operation
B. Variable-length input with fixed-length output
C. Collision resistance
D. All of these answers are correct.

QUESTION 20

When dealing with Transport encryption, which of the following protocols is used
to provide confidentiality?

Options are:

A. TLS

B. ICMP

C. UDP

D. TCP

QUESTION 21

A user downloaded software from a potentially untrusted site. While trying to install
the software, the antivirus software alerts the user that the file could be infected and
carry malware. What best describes the type of malware?

A. Trojan

B. Virus

C. Ransomware

D. Worm

QUESTION 22

Which of the following are examples of packet analyzers? (Choose two.)

A. Wireshark

B. NMAP

C. tcpdump

D. Kaspersky

QUESTION 23

Which of the following Operating systems are open source?

A. Windows XP

B. Ubuntu Linux

C. Windows 10

D. DOS

QUESTION 24

What type of attack occurs when an attacker sends a flood of protocol request
packets to various IP hosts and the attacker spoofs the source IP address of the
packets, such that each packet has the IP address of the intended target rather than
the IP address of the attacker as its source address?

A. Reflection attack

B. Amplification attack

C. MITM attack

D. Trojan virus

QUESTION 25

A hacker has managed to gain access to a Linux host and stolen the password file
from /etc/passwd. How can he use it?

A. The password file does not contain the passwords themselves.
B. He can open it and read the user ids and corresponding passwords.
C. The file reveals the passwords to the root user only.
D. He cannot read it because it is encrypted.

QUESTION 26

There are several ways to gain insight on how a cryptosystem works with the goal of
reverse engineering the process. Which term describes when two pieces of data result in
the same value?
a. Collision
b. Collusion
c. Polymorphism
d. Escrow

QUESTION 27

In both pharming and phishing attacks an attacker can create websites that look
similar to legitimate sites with the intent of collecting personally identifiable information
from its victims. What is the difference between pharming and phishing attacks?

A. In a pharming attack a victim is redirected to a fake website by modifying their
host configuration file or by exploiting vulnerabilities in DNS. In a phishing attack
an attacker provides the victim with a URL that is either misspelled or looks
similar to the actual website’s domain name.
B. Both pharming and phishing attacks are purely technical and are not considered
forms of social engineering.
C. Both pharming and phishing attacks are identical.
D. In a phishing attack a victim is redirected to a fake website by modifying their
host configuration file or by exploiting vulnerabilities in DNS. In a pharming
attack an attacker provides the victim with a URL that is either misspelled or
looks very similar to the actual website’s domain name.

QUESTION 28

What network security concept requires multiple layers of security controls to be
placed throughout an IT infrastructure, which improves the security posture of an
organization to defend against malicious attacks or potential vulnerabilities?

a. Security through obscurity
b. Host-Based Intrusion Detection System
c. Defence in depth
d. Network-Based Intrusion Detection System

QUESTION 29

One of the Forbes 500 companies has been subjected to a large-scale attack. You
are one of the shortlisted pen testers that they may hire. During the interview with the
CIO, he emphasized that he wants to totally eliminate all risks. What is one of the
first things you should do when hired?
a. Interview all employees in the company to rule out possible insider
threats.
b. Establish attribution to suspected attackers.
c. Explain to the CIO that you cannot eliminate all risk, but you will be
able to reduce risk to acceptable levels.
d. Start the Wireshark application to start sniffing network traffic.

QUESTION 30

Why is a write blocker needed during the acquisition phase of digital evidence?
Choose one answer.
A. To prevent the operating system from adding any new log events post
incident and hence destroying any evidence.
B. To keep the hacker from destroying evidence on a hard disc, in order to
preserve chain of custody.
C. To disable any utilities installed by the hacker which could wipe the disc and
hence destroy the chain of custody.
D. To prevent evidence from being altered and hence maintain evidence
integrity.

QUESTION 31

What is the main objective of segregation of duties?
Choose one answer.
A. To prevent users from having the same job.
B. To prevent employees from disclosing sensitive information.
C. To ensure that no single individual can compromise a system.
D. To ensure access controls are in place.

QUESTION 32

In order to access a PC, an employee must swipe their finger on the PC. Which of
the following describes this form of authentication?
Choose one answer.
A. Finger authentication.
B. Biometric authentication.
C. Multi-Factor authentication.
D. Token authentication.

QUESTION 33

Which of the following malware types is very difficult to detect and remove as it
installs itself with higher system privileges? Choose one answer.
A. Trojans.
B. Viruses.
C. Rootkits.

QUESTION 34

Your company is considering using cloud computing. Which of the following security
concerns is MOST prominent when utilising cloud computing service providers?
Choose one answer.
A. Lack of control.
B. Data separation.
C. Cross-site Scripting.
D. Commercial viability of the provider.

QUESTION 35

If you were to recommend a mechanism on how to prove authenticity of email
messages, what would you recommend?
Choose one answer.
A. Digital signature.
B. Asymmetric hashing.
C. Hashing.
D. Asymmetric encryption.

QUESTION 36

Segregation of duties is valuable in deterring? Choose one answer.

A. Internal hacking.
B. Fraud.
C. External intruders.
D. Password compromise.

QUESTION 37

Which of the following types of attacks is an anti-virus product MOST unlikely to
discover? Choose one answer.
A. Trojan.
B. Virus.
C. Worm.
D. Phishing.

QUESTION 38

Which of the following tools provides the ability to determine if an application is
transmitting a password in clear-text?
Choose one answer.
A. Anti-Virus scanner.
B. Port scanner.
C. Vulnerability scanner.
D. Network sniffer.

QUESTION 39

When a sender encrypts an email message, what security feature does the message
provide? Choose one answer.
A. Non-repudiation.
B. Confidentiality.
C. Authenticity.
D. Authentication.

QUESTION 40

Which of the following is a security control that is usually lost when using cloud
computing? Choose one answer.
A. Logical control of the data.
B. Administrative access to the data.
C. Physical control of the data.
D. Access to the application's administrative settings.

QUESTION 41

Which of the following BEST describes how Address Resolution Protocol (ARP)
works?
A. It sends a reply packet for a specific IP, asking for the MAC address
B. It sends a reply packet to all the network elements, asking for the MAC
address from a specific IP
C. It sends a request packet to all the network elements, asking for the domain
name from a specific IP
D. It sends a request packet to all the network elements, asking for the MAC
address from a specific IP

QUESTION 42

Which one of the following should be employed to protect data against undetected
corruption? Choose one answer.
A. Authentication.
B. Non-repudiation.
C. Integrity.
D. Encryption.

QUESTION 43

You wish to protect against the risk of someone from your organisation leaving a
laptop containing sensitive company information. What is the primary
countermeasure you should implement?
Choose one answer.
A. Encrypted Wi-Fi using WEP.
B. Encrypted Wi-Fi using WPA2.
C. Use a Kensington Lock.
D. Encrypted hard drives.

QUESTION 44

After completing a forensic image of a hard drive, which of the following would you
use to confirm data integrity of the image?
Choose one answer.
A. Image compression.
B. Chain of custody.
C. AES-256 encryption.
D. SHA-512 hash.

QUESTION 45

What principle requires that for particular sets of transactions, no single individual be
allowed to execute all transactions within the set?
Choose one answer.
A. Authorisation.
B. Fair use.
C. Least privilege.
D. Segregation of duties.

QUESTION 46

Which of the following is the primary difference between a virus and a worm?
Choose one answer.
A. A virus is easily removed.
B. A worm is undetectable.
C. A worm is self-replicating.
D. A virus is typically larger.

QUESTION 47

Which type of cloud attack results in the service becoming so busy with illegitimate
requests that it can prevent authorised users from having access?
Choose one answer.
A. War Dialling.
B. Man-in-the-Middle.
C. DoS.
D. Data extraction.

QUESTION 48

What is a blockchain?
A. A distributed ledger on a peer to peer network
B. A type of cryptocurrency
C. An exchange
D. A centralized ledger

QUESTION 49

Asymmetric encryption uses:

A. Public keys only
B. Private keys only
C. Public and Private keys
D. Proof of Stake

QUESTION 50

Name the underlying technology in Bitcoin?

A. Bitchain
B. HashMap
C. Blockchain
D. Coin Ledger

QUESTION 51

Which cloud delivery model is provisioned for use by a specific community with
shared concerns?
A. Public
B. Hybrid
C. Private
D. Community

QUESTION 52

Which cloud services model is the most minimal, offering the consumer the capability
to deploy applications but not manage or control the cloud infrastructure?
A. IaaS
B. PaaS
C. AaaS
D. SaaS

QUESTION 53

On which two of the following network devices can ACLs be used to block traffic?
(Choose 2.)

A. Switch

B. Hub

C. Firewall

D. Router

QUESTION 54

Which TCP/IP utility might produce the following output?

A. Traceroute
B. Ping
C. Ifconfig
D. Ipconfig

QUESTION 55

You have just discovered a server that is currently active within the same network
as the machine you recently compromised. You ping it but it did not respond. What
could be the case?
A. TCP/IP does not support ICMP
B. ARP is disabled on the target server
C. ICMP could be disabled on the target server
D. You need to run the ping command with root privileges

QUESTION 56

Sue has been actively scanning a client network on which she is doing a vulnerability
assessment test. While conducting a port scan she notices the following open ports
80 and 443. What type of server is this likely to be?
A. DNS Server
B. Mail Server
C. DHCP Server
D. Web Server

QUESTION 57

Dave has discovered a fantastic package of tools on Kali called Dsniff. He has learnt
to use these tools in his lab and is now ready for real world exploitation. He was able
to effectively intercept communications between the two entities and establish
credentials with both sides of the connections. The two remote ends of the
communication never notice that Eric is relaying the information between the two.
What would you call this attack?

A. Interceptor
B. Man-in-the-middle
C. ARP Proxy
D. Poisoning Attack

QUESTION 58

A director of a big organisation is looking for a provider that will allow her to move
her organization’s servers, routers, firewalls, and switches to the cloud. This provider
would essentially act as her organization’s virtual data centre. What type of cloud
provider does this network engineer need to find?
A. IaaS
B. NaaS
C. SaaS
D. PaaS

QUESTION 59

A CEO has requested that his IT department find a new accounting software. He
would prefer that the accounting software doesn’t need to be installed locally on his
machine, since he often switches between multiple devices. He would like the
program to simply be accessible via a Web browser on any device while he has an
Internet connection. What type of software should this IT department be looking at?

A. PaaS
B. TaaS
C. IaaS
D. SaaS

QUESTION 60

While logged in to your home office router, you notice an unusually high number of
devices connected to your network. You only have three devices that need to be
connected, but upon closer inspection, you notice a total of six devices connected.
You suspect that your neighbour has somehow figured out the password to your
router. This is a new router, and you just plugged it in and began using it just yesterday.
What important security step did you forget to complete when setting up the new home
router?

A. Lock your router in a secured location.
B. Change default usernames and passwords.
C. Change the public IP address.
D. Download the new firmware.

QUESTION 61

You just received a phone call from a client who is on the Internet about to fill in
information requesting personal account numbers and bank information. He states he
received an email from his bank informing him that his credit card number may have
been compromised by a security breach reported by a major hotel chain. He was
directed to an official-looking website that requested bank information and account
numbers. What form of security threat is he facing?

A. Phishing
B. Trojan horse
C. Spoofing
D. Ransomware

QUESTION 62

When someone is assigned only the rights and privileges necessary to do her job, this
is referred to as ____.

A. Super user
B. Principle of least privilege
C. Administrator privilege
D. Controlled access

QUESTION 63

An administrator needs more security than is available with just a login and password
on her mobile devices and wants to add another layer of security. How can she
accomplish this?

A. by logging in on the hour
B. by adding multi-factor authentication
C. by requiring a higher level password
D. by encrypting log names

QUESTION 64

A type of malware that is often disguised as legitimate software that users unwittingly
download and run is referred to as ____.
A. Latching
B. Adware
C. Trojan horse
D. Phishing

QUESTION 65

It is necessary for Officer Bob to leave his desk numerous times daily to
respond to incidents. These absences are for periods of unpredictable length. In the
past, he has forgotten to log out of his machine, leaving it vulnerable while he is away.
As the system administrator, what can you do to prevent this security issue?

A. Remind Bob of the security issues and write him up if he continues to leave his
desk while logged in to the system.
B. Set up a screen saver with a password that will activate when the system is idle
for a certain period of time.
C. Draft a new security document explaining the risks involved with leaving your
computer unlocked.
D. Assign Bill a job that does not require him to leave his desk.

QUESTION 66

A timely review of system access records is an example of which type of basic security
function?
A. Prevention
B. Detection
C. Deterrence
D. Administrative

QUESTION 67

You have been assigned a task to look for a product that will allow your organisation
to implement two-factor authentication. Which of the following will meet the
requirement?
A. Something you know and have
B. Something you are and know
C. Something you have and are
D. All of the above

QUESTION 68

Which one of these is a form of social engineering where an unauthorized person
gains access to a controlled area by following in someone who has legitimate access?

A. Spying
B. Shoulder surfing
C. Tailgating
D. Hacking

QUESTION 69

A type of cryptographic network protocol, a replacement for Telnet, used mostly for
secure data communication, remote command-line login, remote command
execution, and other secure network devices, is known as:

A. TFTP
B. SSH
C. Telnet
D. RDP

QUESTION 70

In a public key infrastructure (PKI), which half of a cryptographic key pair is never
transmitted over the network?

A. The public key
B. The private key
C. The session key
D. The ticket granting key

QUESTION 71

Which act amended the Computer Misuse Act 1990?

A. The Police and Criminal Act 2006
B. The Police and Justice Act 2006
C. The Cyber Criminal Act 2002
D. The Terrorism Act 2000

QUESTION 72

What are the three main pieces of legislation that are relevant to penetration testing
within the U.K.?

A. The Data Protection Act, GDPR and The Freedom of Information Act
B. The Terrorism Act, The Freedom of Information Act and Human Rights Act
C. The Computer Misuse Act, The Human Rights Act and The Data Protection Act
D. The Misuse of Drugs Act, The Appropriation Act and Cyber Criminal Act

QUESTION 73

What is the purpose and legal reason for obtaining written permission before
commencing a pen test?

A. There are no legal reasons if there is a vulnerability you can exploit
B. If written permission is not obtained this will breach the GDPR
C. Because it is good business etiquette
D. Failing to do so may result in breaching the Computer Misuse Act (CMA)

QUESTION 74

Security classifications indicate the sensitivity of information (in terms of the likely
impact resulting from compromise, loss or misuse) and the need to defend against a
broad profile of applicable threats. Which of the following are the correct HM
Government Security Classifications?

A. PROTECT, PRIVATE and SENSITIVE
B. RESTRICTED, CONFIDENTIAL and TOP SECRET
C. UNCLASSIFIED, PROTECT and RESTRICTED
D. OFFICIAL, SECRET and TOP SECRET
